DistroWatch Weekly

A weekly opinion column and a summary of events from the distribution world

DistroWatch Weekly

DistroWatch Weekly, Issue 547, 24 February 2014

Welcome to this year's 8th issue of DistroWatch Weekly! Linux distributions are flexible and modular in nature, allowing them to squeeze into all sorts of interesting niches. Some distributions package as much software as possible, others remain lean, some focus on the desktop market while others operate best in the server room. This week we take a look at projects working in a variety of markets. We start off with Chakra, a distribution which brings cutting-edge software and fast performance to desktop systems. Then we turn our eyes to the Ubuntu community where Canonical is making progress in their march to bring Ubuntu to mobile devices. We also discuss how Canonical is handling user privacy and confusion around the company's licensing policies. Plus, we share updates on the OpenBSD project's fund-raising efforts. In our Questions and Answers column this week we cover a few simple ways to protect servers against brute-force password guessing attacks. We are happy to bring you news of distribution releases from the past week, plus we look forward to fun new developments to come. Finally, we are pleased to announce that the recipient of the DistroWatch.com January 2014 donation is the QupZilla web browser project. We wish you all a wonderful week and happy reading!

Chakra GNU/Linux is a Linux distribution I have enjoyed watching grow and develop over the years. Chakra rose from a Arch Linux foundation and took on two interesting characteristics. The first is that Chakra maintains a semi-rolling release style of package management. Basically the foundation of the distribution stays relatively static (and hopefully stable) while the end user applications roll forward, maintaining pace with the latest upstream versions. The second characteristic, and what makes Chakra stand out in my mind, is that the distribution tries to maintain a pure KDE/Qt environment. There are no GNOME/GTK+ packages in Chakra or even in the project's default software repositories. It is possible to add GTK-based software using an add-on repository and I will talk a bit about that later.

The latest release of Chakra GNU/Linux, version 2014.02, does not advertise many big changes, mostly the release announcement points to updated versions of software. Chakra ships with KDE 4.12 and version 3.12 of the Linux kernel. Small adjustments have been made to the project's system installer and initial configuration wizard, but we will get to those shortly. This release of Chakra is available as a single edition and I found only a 64-bit x86 build on the project's download page. The ISO I downloaded was approximately 1.8 GB in size.

Booting from Chakra's ISO brings up a boot menu offering a few choices. We can start a live desktop session (the default option), we can load the same live desktop session with non-free hardware drivers or we can launch a hardware detection utility. The hardware detection software brings up a simple menu system by which we can navigate information about our computer's hardware. Individual pieces of hardware are grouped in categories to make it easier to discover exactly what our computer has hidden inside its case. Taking the boot menu's live desktop offering quickly brings us to the KDE desktop. The interface is presented in a classic manner with the application menu, task switcher and system tray all placed at the bottom of the display. On the desktop we find a welcome widget which features two tabs. One tab contains informative notes on using Chakra and the project's design. Along the bottom of this widget we see links to the project's website, system installer and documentation. The second tab of the welcome widget displays project news and announcements. Speaking of the Chakra website, the project has a really nice wiki and starting guide for newcomers. This guide contains detailed information on installing and running Chakra, including tips for working with the system installer and package manager.

Chakra's system installer is called Tribe and it is a graphical application which bears a passing resemblance to Kubuntu's installer. Tribe starts off by showing us the project's release notes and we are then asked to confirm our keyboard's layout. The installer then shows us a globe we can rotate and zoom in on in order to select our location. The installer then attempts to use the given location to determine our preferred language, a setting we can override if need be. Up next is a screen which handles disk partitioning and I grew concerned when the disk partitioning screen simply showed me a blank page with three buttons at the bottom. One button appeared to be a refresh button and another was labeled "Format". The third button was labeled "Advanced" and I clicked this one.

The Advanced button brought up a message saying no devices could be found. Now I knew I had a disk attached to the system, the Chakra hardware detection tool had correctly identified it moments earlier. I closed the installer and attempted to launch the KDE Partition Manager which also told me it couldn't find any devices with which to work. I then dropped to a command line and used the text-based program cfdisk to create a new partition layout and new partitions for me. Then, when I went back into the Tribe application, I found it was able to correctly detect my newly created partitions and I was able to use the installer to assign mount points to my partitions. We then have the chance to create user accounts, multiple accounts if we would like. I decided to create two. From there the installer asked if I would like to copy all of the Chakra packages from my installation media onto the local hard drive or, alternatively, I could selectively download categories of software from online repositories. The latter option may be slower, but it lets us start with only the software we want, producing a leaner install.

There did not appear to be any way to selectively install packages available on the local media. I decided to install everything from the local media. We are then shown a confirmation screen where our selected settings are shown to us and the installer waits for permission to proceed. Files are then copied to our local hard drive and, when the process is finished, we can optionally choose to customize the system's initial ramdisk and install the GRUB2 boot loader. The boot loader installs by default, which is good, most people will want this. The initial ramdisk customization is less likely to be used, but it allows us to provide device or network support to the operating system early in the boot process should we need it. With those steps completed Chakra's installer declared it was done and I rebooted the computer.

The first time we boot into Chakra the operating system proceeds directly to the KDE desktop environment and loads a configuration wizard. This wizard walks us through several steps, most of them relating to the look and feel of our graphical user interface. For instance, we are asked which popular folders we want placed in our home directory with possible options including Documents, Video and Music. We can tell KDE to use a single click or double-click of the mouse to open files and folders and we can choose whether our mouse is set up to be left- or right-handed. We can choose our preferred application menu layout, our favourite background, whether or not the keyboard's meta key should open the application menu and how often to check for software updates. We also get into system-wide settings such as whether to run printing and anti-virus services. The wizard is nicely laid out and each configuration step comes with a brief explanation of what we are doing. After we get to the last step we are dropped at our newly configured KDE desktop.

Previously I mentioned creating two user accounts during the install process and it surprised me a little to discover Chakra automatically logged me in as the first of these two users. In fact at every boot the first user was automatically logged in despite having a password on the account. A quick trip to the KDE System Settings panel corrected this and future boot-ups brought me to a graphical login screen. Other things I soon noticed were that KDE had some basic visual effects enabled by default and the interface was surprisingly fast. I do not think I have experienced a KDE 4 installation which was as responsive and smooth as the one which Chakra ships. Even with file indexing and visual effects enabled, even when running in a virtual machine, Chakra's implementation of KDE was very responsive. What it was not was light on memory, using approximately 420 MB of RAM when sitting idle at the desktop.

Chakra GNU/Linux 2014.02 comes with a collection of software which is mostly associated with the KDE desktop. I am of the opinion that functionality and practicality have been sacrificed in some cases in the name of KDE/Qt purity. Going through the application menu we find the Rekonq web browser, the Konversation IRC client, the KGet download manager and the Calligra productivity suite. We find the Okular document viewer, the k3b disc burning software, the Dragon Player multimedia player and the Amarok music player. There is an Amazon music downloading client, a partition manager and the KGpg encryption and key management software. The KDE System Settings panel is present, giving us the ability to configure, in detail, the look and feel of the user interface.

NetworkManager and the KPPP dial-up networking software are included to help us get online. There are some other small utilities which help us manage user accounts, discover information about our hardware, edit text files and work with file archives. The GNU Compiler Collection is installed for us and Chakra comes with popular multimedia codecs. There is no Flash support by default, but it can be added from the project's software repositories. One sub-category of the application menu contains links which open our web browser to the Chakra website. These links bring us directly to documentation, forums or the bug tracker, which is convenient. In the background Chakra comes with the Linux kernel, version 3.12.

While playing around with Chakra GNU/Linux 2014.02 I noticed a few minor issues. One was that the Marble desktop globe application would not load, the software immediately crashed when I attempted to open it. I found that Chakra supported playing audio files, including mp3s, right out of the box. However, when I tried to open any video files the Dragon Player media player would open, play the video for a second or two and then crash. To get around this problem I installed the VLC multimedia player from Chakra's repositories and found VLC was able to play all of my video files without any problem.

The subject of installing software brings us to Oktopi, Chakra's graphical package manager. Oktopi acts as a graphical front-end to the Pacman command-line package manager and has a layout which reminds me of Synaptic. We are shown a simple list of available packages in alphabetical order and icons next to each package let us know its status (installed, available or upgradeable). We can search for software by name or description and we can filter software based on its status. We can use the package manager to create batches of actions (install, remove or upgrade). While a batch of actions is being processed, the package manager locks up and a terminal window opens, showing us Pacman's progress. Optionally, Oktopi can check the Chakra website for project news. By default there are no GTK+-based applications available to us in the software repositories. We can get GTK+-based software by editing Pacman's configuration file and enabling the project's Extra repository. From then on, programs built with GTK+ will show up in the package manager.

While using Oktopi I found the package manager generally worked well. It was fast and easy to navigate and search results were returned almost instantly. I did run into two quirks though. The first was that I had to enter my password every time I wanted to perform an action. Really, this wasn't a problem, but it did slow down the process of installing new software and it would be nice if the application would remember my credentials. The other issue was that Oktopi (and Pacman) would sometimes report my system was more up to date than the project's repositories. I double-checked the version numbers of some local packages, notably the members of the Calligra suite, and confirmed my local software had a higher version number than the software offered in the repositories. This caused some warnings from the package manager, but otherwise didn't result in any problems.

Earlier I mentioned that the Chakra project is one I have enjoyed watching grow and mature. The developers are certainly trying something unusual with their semi-rolling, KDE-focused distribution with its custom installer. The Chakra project ships cutting-edge software and has (for a Linux distribution) a tight focus, providing just a single, 64-bit edition of their operating system. Throughout my time with Chakra (both this week and in trials past) I found myself regularly flipping back and forth between thinking, "This is great!" and "Oh, wait, why is it doing that?" The Tribe system installer features a good example of this duality when it first shows us a beautiful globe set against a night sky where we can rotate and zoom to select our location and, then, a minute later, the partition manager couldn't find my hard drive.

The graphical package manager shipping with this release has a nice, simple approach and reminds me of the reliable Synaptic package manager. I was impressed with the package manager's speed and simplicity. But then I ran into a problem which confused me and, seemingly, the package manager too when it reported my copy of Chakra was more up to date than the project's software repositories. In a similar vein it was nice to have multimedia support out of the box, but I was frustrated when multiple video formats would cause the default media player to crash. As another example, I think it is great the system installer supports creating multiple users, but then why does Chakra automatically login one user account when we create multiple users? That seems like a potential security problem.

The short version of all this is Chakra has some nice features and it does some interesting things. I love how amazingly fast the project's build of KDE is on my hardware and I like that the project does some things a bit differently. I like that the team has put together an increasingly comprehensive collection of documentation. I especially appreciate that GTK-based software is no longer shipped in stand-alone bundles, but rather in an add-on repository, allowing the user to add software using a single package manager, rather than switching between different software managers. In short, I feel Chakra has made positive progress over the past year. The distribution still has rough edges, plenty of small, unpleasant surprises for the unwary user, but overall it is improving. The project is well worth a look if you are a fan of either Arch Linux or the KDE desktop.

* * * * *

Hardware used in this review

My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications:

When Ubuntu introduced online search lenses in the Unity dash it caused a good deal of negative reactions from people who were worried about their privacy. While searches and results were passed through a server run by Canonical, the dash would load images from third-party product providers (such as Amazon) directly over an insecure connection. Many users complained about a local utility searching online and leaking personal information and both the Electronic Frontier Foundation and the Free Software Foundation requested Canonical change the way Ubuntu's dash worked. Well, some change has come to the way the dash searches for content. The Open Sourcerer has a brief history of how the dash worked previously, people's concerns and how it works now. While not all concerns have been addressed -- the online search results are still enabled by default -- steps have been taken to secure search results and isolate the user's queries from third-party organizations. The end result, the blog states, is this: "Now when you search for socks, Amazon gets CDN requests for images from products.ubuntu.com. Your computer gets the images from products.ubuntu.com (over HTTPS rather than HTTP), it is now basically a reverse proxy for Amazon images, so that Amazon is now more convinced than ever that Canonical's server has got cold toes. As it happens, there is nothing wrong with your toes and you actually wanted to configure a socks proxy all along, and the shopping thing was a pointless overhead because when you want new socks the dash isn't where you dash to."

In other Ubuntu-related news, Canonical announced last week that they have formed partnerships with mobile device makers to ship Ubuntu-powered smart phones. "Canonical is working with these partners to ship the first Ubuntu devices on the latest hardware in 2014. Ubuntu has also received significant support from the world's biggest carriers, some of which intend to work with OEM partners to bring phones to market this year." At the moment, Canonical has two mobile partners, bq (in Spain) and Meizu (in China).

Finally, a note on Ubuntu's interface in the distribution's upcoming 14.04 release. Ubuntu's default desktop environment, Unity, will make it possible for users to select whether they have one global menu or application menus integrated into the program's window. Global menus simplify the interface somewhat and require less screen space, but can be troublesome for people with larger (or multiple) displays. Michael Deguzis writes, "Many users have long missed these traditional menus, some longing for their return. With criticism of Unity still heard throughout the halls of the Linux `town hall' it is promising to see some choice put back into the hands of the users."

* * * * *

Back in December we discussed Linux Mint's relationship with Canonical and the on-going talks the two organizations were having with regards to licensing. At the time it was reported that Canonical wanted the Linux Mint project to agree to a license, one which might have required the Mint project to pay for the privilege of using Ubuntu binary packages. Since then Canonical has released a rather vague statement about the company's intellectual property rights. This was followed by a Ubuntu Community Council statement which, on the whole, failed to clear up the relationship between Ubuntu and its family of derivative distributions. The vague wording in both posts has lead to speculation as to Canonical's position on Ubuntu packages and licensing. Last week Jonathan Riddell decided to clear up matters and posted a blog with regards to Ubuntu, Kubuntu and licensing. He wrote: "So let me say clearly, no license is needed to make a derivative distribution of Kubuntu. All you need to do is remove obvious uses of the Kubuntu trademark. Any suggestion that somehow compiling the packages causes Canonical to own extra copyrights is nonsense. Any suggestion that there are unspecified trademarks that need a license is untrue."

* * * * *

Back in January we reported the OpenBSD project was facing financial difficulty. The security-focused project was looking for donations to help keep the project (especially the OpenBSD build servers) running. It looks as though the open-source community and various companies that value OpenBSD have come to the project's aid. The OpenBSD Foundation reports they have received US$146,000 in donations so far in 2014, quite an increase over the approximately US$63,000 in revenue received in 2013. This is good news not only for fans of OpenBSD, but also for the many people who use tools which grew out of the OpenBSD project, such as the OpenSSH secure shell service.

On a more technical note, here is an update on the integration of GNOME 3 into OpenBSD by Antoine Jacoutot: "There is some more and more awareness in the GNOME community that at least two major BSDs (OpenBSD and FreeBSD) have people actively working to make GNOME a viable option for them and I think it can benefit all sides. As far as my little person is concerned, I am currently working on setting up a buildbot infrastructure with JHBuild to be able to run continuous builds of the GNOME HEAD repository (which the FreeBSD folks are doing already). "JHBuild is a tool used to build the whole GNOME desktop from the version control system". That will help us catch portability issues very early. It will also help OpenBSD fix some of its tools (I am looking at you libtool!). We spent the last couple of years pushing a maximum number of local patches upstream and as of today, most of then got accepted. But there is obviously still work to do. The upcoming most challenging task will certainly be to develop compatible APIs provided by systemd and that GNOME uses (timedated, localed, hostnamed and logind). Some parts are trivial, some others not as much."

Questions and Answers (by Jesse Smith)

Preventing unwanted remote logins

Locking-the-door asks: I would like to know how to limit the number of times a remote attacker can attempt to login to my Linux server before I lock out the user account for a given period of time. Why isn't blocking excessive login attempts a standard security feature for Linux distributions?

DistroWatch answers: There are a few ways to go about blocking attackers from logging in remotely when they are performing trial-and-error attempts at guessing your password. Perhaps the easiest way to stop these sorts of password guessing attacks is to use a service called DenyHosts. The DenyHosts service runs quietly in the background on your computer and detects when someone is repeatedly trying to login and failing due to an incorrect password. After a set number of login attempts (I believe the default is ten) the DenyHosts service temporarily blocks the attacker's IP address. This works against most drive-by attempts to access your computer.

Another tool you can use which will slow down attackers is to limit the number of times someone can connect to your secure shell service in a given amount of time. The filtering is done at the firewall level and typically limits the number of attempts a person can make to connect to your machine in a 30 second window. Doing this on distributions which package the ufw firewall is especially easy as it just requires typing two short lines:

ufw limit 22/tcpufw enable

Both of the above options are a little nicer than actually locking the user account because they block attack attempts without overly inconveniencing the legitimate user who may wish to login. Locking the user account itself means the real user cannot utilize their credentials anymore. Still, if you do wish to specifically ban an account after a certain number of login attempts you can do so using FailLog. Setting up this utility will temporarily ban a user if they fail to login properly.

As to why these security measures are not in place by default, there are a couple of reasons. One is that legitimate users are not perfect. We forget passwords, we fail to notice the caps lock is on, we change our password before the weekend and it slips our mind. I previously worked at a help desk and have fielded hundreds of calls from people who fumbled typing in their password enough times that they got locked out. Locked accounts are a hassle for users and it wastes the time of end-users and administrators alike. Another reason is a clever attacker may decide to effectively lock you out of your own server using what is called a denial of service attack. The attacker may not be able to guess your password, but they can prevent you from logging in if they simply keep guessing your password over and over. This can effectively lock administrators and users out of a server if the administrator is not careful about how they set up the blocking mechanism. Remember, not all attackers want to gain access to your server, some of them just want to inconvenience you and may use your own defenses to that end.

Dalton Miller has announced the release of Bridge Linux 2014.02, an Arch-based Linux distribution with a choice of GNOME, KDE, LXDE and Xfce desktop environments: "Announcing Bridge Linux 2014.02. Not many changes, a few bug fixes and updates. Note: editing the GRUB configuration file may be required due to a bug where GRUB finds the wrong disk UUID. To fix this, run 'sudo blkid' and edit the new GRUB configuration file with the correct UUID from your partition. Update overview: bug fixes with locale switching in the installer; updates to the post-install script; fixed autologin issue on tty." Here is the brief release announcement. This release of Bridge Linux is built with GCC 4.8.2 on top of Linux kernel 3.12.9 and it includes GNOME 3.10, KDE 4.12.2, X.Org Server 1.15.0, Chromium 32.0.1700.107 and LibreOffice 4.1.4.

Univention has released an updated build of Univention Corporate Server 3.2, a Debian-based server distribution with a web-based management system for central administration of servers: "We are pleased to announce the availability of UCS 3.2-1, the first point release of Univention Corporate Server (UCS). It includes all errata updates issued for UCS 3.2-0 and comprises the following highlights: the Linux kernel package was updated to 3.10.26, besides many bug fixes this also improves hardware support; the Univention App Center was extended - beside several bug fixes, new interfaces are provided which improve the integration of third-party applications; Univention AD Takeover - the UCS solution for the automatic migration of an Active Directory domain to UCS - was improved further, it now also support the migration of AD domains operated in languages other than English or German...." See the release announcement and release notes for further information.

John Martinson has announced the release of 7.4.1, an updated build of the project's user-friendly, Debian-based distribution with tightly integrated VirtualBox virtualisation software (for running another operating system in an application window as a "guest"). What's new in this release? "Robolinux now supports the newest version of VirtualBox, 4.3.6, which has webcam sharing and many new improvements; the Windows virtual machine installers have been completely re-written to support VirtualBox 4.3.6; all Robolinux versions prior to 7.4.1 do not work with the newest Robolinux virtual machine installers and Stealth VM software tools; completely new Stealth VM software tools have been released and may be downloaded after making a very small donation; several new Menu options and launchers have been added; all current updates have been added...." See the distribution's download page on SourceForge for further information.

Ron Henderson has announced the availability of a major new release of Network Security Toolkit (NST), a Fedora-based live DVD with an extensive collection of open-source network security tools: "We are pleased to announce the latest NST release: NST 20 SVN:5650. This release is based on Fedora 20 using Linux kernel 3.12.10. Significant effort has been devoted to bringing this release on par with Fedora 20. Starting with NST 20, the MATE desktop is now the preferred desktop. Here are some of the highlights for this release: added a new drag zoom feature to the 'NST Ntopng IPv4 Hosts' application; integration of the MATE desktop and the LightDM GTK+ desktop login screen greeter; added a new NST WUI page for the network utility script - getipaddr; added a new 'Network Interface Renaming' mode to the NST script - nstnetcfg that creates predictable network interface names which will survive each system reboot...." See the complete release announcement for a full list of changes and new features.

Curtis Gedak has announced the release of GParted Live 0.18.0-1, an updated version of the Debian-based live CD with utilities for disk management and data rescue tasks: "The GParted team is proud to announce a new stable release of GParted Live. This live image contains GParted 0.18.0 which fixes a resize/move problem introduced in 0.16.2 that might set partition size smaller than ext2/3/4, NTFS, and ReiserFS file systems in certain situations. Other items of note include: based on the Debian 'Sid' repository as of 2014-02-18; includes GParted 0.18.0. This version of GParted includes: prevent crash when creating new partition on disk with loop label; fix default partition table that can not handle larger than 2 terrabyte disks; add BitLocker disk encryption detection." Here is the brief release announcement.

Matthias Klumpp announced the release of Tanglu 1.0. Tanglu is a new Linux distribution, based on Debian's "Testing" branch, which attempts to bring a modern and cutting-edge operating system to the desktop: "We are happy to announce the release of Tanglu 1.0 (Aequorea Victoria) today. It has been an exciting development period where lots of new infrastructure was built and set up, new concepts and ideas have been discussed and implemented, new designs were created, texts were translated and blog posts were written. Lots of work went into making the Tanglu archive rebuildable. During this period, a small but very talented team has been formed. We found issues which affected Debian as well and these were reported, fixed or pending and we generally worked well together with Debian. Exploring systemd in Tanglu already yielded some hints which will help Debian with its own transition." See the release announcement and read the detailed release notes for more information, known issues and instructions for upgrading from Debian.

Phil Müller has announced the release of Manjaro Linux 0.8.9, a new version of the project's Arch Linux-based distribution offering a choice of KDE and Xfce desktops, as well as a separate edition featuring the lightweight Openbox window manager: "With this release we provide three unique graphical desktops, optimized for your needs. There will be our flagship Xfce edition everybody knows Manjaro for, an updated KDE edition featuring Turbulence, our new tool to customize your Manjaro installation, and a redesigned Openbox edition to fit the needs of our vibrant community. Not to mention our usual community editions. The Manjaro team has grown a lot for this release, and we’re expanding our roots even further." Read the detailed release announcement to find out about all the new features and to see screenshots of the three desktops.

We are pleased to announce that the recipient of the January 2014 DistroWatch.com donation is QupZilla, an open-source web browser. The project receives US$250.00 in cash.

QupZilla describes itself as "a lightweight multi-platform web browser written in Qt Framework and using its web rendering core QtWebKit." It also comes with a number of interesting features: "QupZilla is using native widgets style on major Linux Desktop Environments. It is also using icons from the active desktop icon theme. If you find native themes too boring or have some problems with it, you can always switch to other themes. QupZilla unifies bookmarks, history and rss reader in one well-arranged window. No more multiple windows, QupZilla uses just one! With the integrated RSS reader, you can stay up to date with your favourite sites. QupZilla can also import bookmarks from other browsers." Visit the project's website to find out more. DistroWatch reviewed the QupZilla web browser.

Launched in 2004, this monthly donations programme is a DistroWatch initiative to support free and open-source software projects and operating systems with cash contributions. Readers are welcome to nominate their favourite project for future donations. Those readers who wish to contribute towards these donations, please use our advertising page to make a payment (PayPal, credit cards, Yandex Money and Bitcoins are accepted). Here is the list of the projects that have received a DistroWatch donation since the launch of the programme (figures in US dollars):

1 • QupZilla (by NoFUD on 2014-02-24 09:54:47 GMT from United States)
This browser, that Jesse reviewed back on the 20th of January, IMO deserves the donation for that month. Since the review, I have been using QupZilla and I can say I am impressed with it. It seems to be very under rated. I had never heard of before until the Distrowatch review, thanks.

IF, Firefox pulls an "Opera", I could see this (QupZilla) becoming my go to browser. Open Source, sufficient features (and growing), stable and fast. What is not to like?

Even if Firefox just finds other funding instead of google (I hope so.), like DuckDuckGo, etc. QupZilla would still be my top choice as backup/alternative browser. Thanks again for enlightening me about this excellent browser. :)2 • @Jesse-Preventing unwanted remote logins (by NewBee on 2014-02-24 09:59:23 GMT from United States)
Jesse, thanks for the info about Denyhosts. Looks like a must have tool. Question: from the terminal (after install of Denyhosts) how would I verify Denyhosts is working/on as it is suppose to?3 • QupZilla, Firefox (by Bob on 2014-02-24 10:54:02 GMT from Austria)
QupZilla looks interesting, but it apparently isn't able to run Pepper plugins. So in Linux I'd probably have to stick to Chromium whenever a current Flash version is needed. Several years ago someone predicted that Flash would be killed soon by HTML5. That was a pretty funny statement and it still is.

BTW after recently installing Chromium I have recognized that it could use the outdated Linux/Mozilla Flash plugin without problems. Still wondering why Firefox developers are unable/unwilling to do that with Pepper plugins. Not sure if it is wise to waste manpower in order to create Shumway. The infamous Gnash project comes to mind...4 • Firefox (by Paraquat on 2014-02-24 11:48:06 GMT from Taiwan)
Qupzilla sounds good, but I'm also finding that the latest Firefox (version 27) is also really fast. Especially if you install the No Flash extension.5 • DenyHosts (by Jesse on 2014-02-24 12:54:26 GMT from Canada)
@2: " Question: from the terminal (after install of Denyhosts) how would I verify Denyhosts is working/on as it is suppose to?"

To confirm the DenyHosts service is running you could check its status using whichever utility your distribution ships with. Something like "service denyhosts status" on Ubuntu or "systemctl status denyhosts" on Fedora/Arch/openSUSE. As to whether DenyHosts is working, you can verify it a few ways. One would be to try to login ten times with the wrong password and then try with the right password. Also know that DenyHosts will, by default, send out an e-mail to the administrator when it blocks an IP address. Check the configuration file to see where DenyHosts is sending its e-mail. If you are getting messages from the service it is working (and blocking attacks).6 • Mint Should Rebuild Ubuntu and Stand Up Its Own Servers (by joncr on 2014-02-24 14:17:02 GMT from United States)
In the long run, the safer, prudent, course for Linux Mint is to rebuild Ubuntu source after removing the trademarks (which they haven't always done thoroughly) and hosting the binaries on its own servers.

There are other potential problems with relying on someone else's binaries on someone else's servers for your own distribution. We may see, for example, that some convergent applications that live on those servers are so tightly bound to the convergent-friendly confines of Ubuntu that they will not play well elsewhere without tweaking and recompilation (minimally, adjusting compiler flags to disable the convergent bits.)7 • Nice thought....but, (by Garon on 2014-02-24 14:29:00 GMT from United States)
@6,That is a nice thought but Linux Mint really don't have the man power and I don't believe they would have the finances to pull off what people seem to think they need to do. They couldn't keep up with LMDE and I don't believe they could keep up now. Of course that is just my opinion but at this time there seems to be no problems. Just as was stated, just compiling doesn't give you any special rights and it's foolish to think so.8 • Chakra Review (by dragonmouth on 2014-02-24 15:13:09 GMT from United States)
When reviewers review distros they always test the package manager for its ability and ease of installing new packages. I have yet to see a reviewer test the package managers ability to UNinstall unwanted/unneeded packages.

In some distros the uninstall process is quite easy. Unrelated packages do not depend on each other. Other distros, such as the *buntu family, will allow the uninstall of only a few packages. For example, *buntus install by default the language packs for seemingly all languages in the world as well as drivers for most video cards and printers. All these packages take up hundreds of megs of space on the HD. They cannot be removed because they all have "ubuntu-minimal" package as a dependency. Uninstalling "ubuntu-minimal" effectively wrecks the system.

There are two issues here. One, how the package manager handles uninstalls, can be easily handled by the reviewers just by testing if packages can be uninstalled.. The other issue of tying most packages to system modules requires a change in thinking by developers, which I don't foresee happening any time soon, if ever.9 • I miss the OLD Ubuntu (by Shawn on 2014-02-24 15:19:20 GMT from United States)
So Ubuntu grabs its packages from Debian's Unstable repository and spins what we know as Ubuntu. Mint takes Ubuntu's tweaks to the Debian Unstable packages and creates/updates its own distro.. Mint also changes things up in some packages to make them more stable than Ubuntu's..

Am I right so far? If so, whatever happened to the GPL? Doesn't it state that the code is freely distributable and can be modified as long as those who receive the code have the same rights as those who changed it? I guess I'm just not sure where money and "rights" to access repositories is coming from and how there is somehow a fee needed to have the right to view/edit/download & use the code that's basically Debian's in the first place.

Glad I switched back to pure Debian, all these distro's based off of Ubuntu and distro's based off of Mint and Ubuntu and Kubuntu, etc., is kinda driving me nuts. Slackware on my home laptop, Debian on my workstation. Easy. Simple.10 • Easy. Simple. (by schultzter on 2014-02-24 15:41:44 GMT from Canada)
@9I hear you! I took a different path for the same reason (Arch, but I used to run Slackware). But those aren't distros with warm & fuzzy installers/updaters, that's the trade off I guess. And I guess that's where they make their money. And where there's money there's "rights" and "trademarks" and stuffs.11 • @9 (by pitimini on 2014-02-24 15:42:12 GMT from Spain)
If I understand correctly the thing is about Canonical's trademarks, kinda like what happens with Red Hat and CentOS.12 • Being independent from Canonical (by Jazzavac on 2014-02-24 15:58:48 GMT from Italy)
@6, @7, @9It's funny that no one noticed, on this page has been mentioned another project that is trying to address concerns you mentioned, it's not only a distribution but an infrastructure that implemented a workflow similiar to the one Ubuntu used for the past 10 years.Think about it like a community driven Ubuntu without Unity, Mir and BDFL Mark. It's focused on the desktop, it builds on top of Debian and despite it's infancy it's already giving back to Debian. It's called Tanglu.Please read carefully the "release announcement" and "release notes" documents linked in the article, they might seem full of buzzwords as usual but are not.It's installable and works nice, but the most important thing is that it's open for collaboration so has the potential of becoming a great exchange point for those desktop projects close to Debian but unhappy with Canonical decisions. To clarify, the goal is not to become a base for spins but to be inclusive as possible.13 • *buntus kerfuffles (by GNUday on 2014-02-24 16:03:11 GMT from Canada)
Wow, just wow, how can they play the license game with Mint when Ubuntu based their whole operation/distro(s) on GNU/GPL Debian? That's laughable, I guess they didn't read the Debian GPL before they tweaked each package and slapped "ubuntu" on the end of each package name. Ubuntu will eventually cause repository server wars, other mainstream distros will follow their foot stamping and tell other derivative distros to take their servers out of their default sources list. That could actually be the solution, Ubuntu can't control what servers end users decide to add/change after installation (here comes my prediction of an MS like Ubuntu install hash verified at Ubuntu servers, yikes). If they don't want the cow milked, then they shouldn't let it out of the barn in the first place.

As for the Kubuntu branding thing, that sounds about the same as the Firefox/Iceweasel branding issue between Debian and Mozilla, Mozilla OWNS the Firefox branding and artwork. Did Kubuntu get an actual copyright? I want to read it, lol, this is a lot of ado about some ugly artwork and a name, maybe KDE should have word with Kubuntu, they barely change anything from the default KDE install package. Kubuntu based distro authors should distance themselves from Kubuntu anyway, it's not that great, hence the derivative 'rewrites'.

As for the desktop search issue, I don't care what silly little tweaks they made, a search for a file on my local machine shouldn't LEAVE my local machine, and still no popup after install to give the user a choice to turn it on or off, NOT acceptable (the vague error popups still work though, lol). I am so glad I made the EARLY move back to Debian stable/Xfce, really not liking the negative vibes coming out of Canonical these days, at all. Somebody at Debian PLEASE take the word "Ubuntu" out of the software-properties-gtk package, it's annoying as hell, and I know I really don't need the package, it's NOT installed.

Ubuntu is becoming the M*cros*ft of the Linux world, circling the wagons...filled with lawyers, lol, and muddying the waters of the spirit of FOSS in the process. Long after Ubuntu goes 'pay' and fades in to obscurity, Debian will still be around.14 • Nothing to do with the GPL. and the OLD has not changed. (by Garon on 2014-02-24 16:21:05 GMT from United States)
The GPL doesn't have anything to do with the Ubuntu repositories. Most distros that have their own repositories, and there aren't many of them, usually own the servers that the repositories are on. The source code is freely distributable for anything under the GPL license. Also any special branding has to be removed before the one acquiring the code releases it again. I do not believe that it is wrong for the owners of these servers to charge a fee for access to these servers. Most don't charge even tho they should. The GPL also will let me take Debian code, modify it, brand it, compile it, distribute it, and charge money for it. The users of GPLed code have a right to access the code, view the source code if they desire and change it. The source code but not the binaries. Access does not mean you have the right to get into the servers. There are many other ways to have access to the source code. Even hard copy text. It is also not wrong for whomever is holding the source, you want to view, to charge for the means of access. Say for instance, I won't let you into my server but I will send you the source code on cd for a small charge to cover the cd and shipping. That's all I have to do. It is no different for Slackware or Debian.So as you can see all of this posturing and fud is really much ado about nothing.15 • @13 Ubuntu vs Mint (by vw72 on 2014-02-24 16:34:29 GMT from United States)
The difference between Ubuntu/Debian and Mint/Ubuntu is that Ubuntu took the debian source code and compiled and packaged it. Mint is using the Ubuntu packages themselves. GPL licenses source code, not binaries.

Because of this, Mint is really an unapproved derivative and not a separate distro. A simple test to tell the difference is whether or not a distro uses its own repository or uses the upstream repository from which they created their distro. If they are dependent on upstream for the majority of their binary packages, they are a derivative and need to abide by the upstream's rules.

The GPL means you have to distribute the source code. It doesn't mean you have to let others use your binaries and packages that you have used considerable resources to create. While it is easy to hate on Canonical/Ubuntu, they aren't in the wrong. It would be no different than Mint getting upsest and trying to stop somebody from marketing Spearmint by taking the good work their developers have done and calling it their own.

@6 posited that Mint should create their own repository with their own compiled packages. That would be the first step to becoming a separate distro. As @7 pointed out, they don't have the resources to do that, though (surprising since Mint is touted as being more popular than Ubuntu). Without their own resources, they are dependent on Canonical/Ubuntu for their existence and as such, they need to play by their rules.16 • Chakra review (by Angel on 2014-02-24 16:59:51 GMT from Philippines)
@8, dragonmouth.

I routinely install Ubuntu or derivatives without all the language packs. I just install offline. Here in the Philippines bandwidth is not abundant. It can take four hours or more to install with language packs and updates while on the internet, and only 20 minutes or so if not connected.

As far as video drivers, I install Ubuntu or derivatives several times a month and I've never seen any but native drivers included. If those were not included, I'd have a hard time installing, considering all the different PCs I deal with. Proprietary drivers are optional and can be downloaded after installing.17 • Mercy for the Canon (by Somewhat Reticent on 2014-02-24 17:55:04 GMT from United States)
The GPL requires source code access; it also allows recovering costs of distribution, including server costs, right? Surely, if Linux_Mint becomes a "recognized official community-maintained derivative" 'org', Canonical can be as generous as they are for Xubuntu.org or Kubuntu.org?

Searching "OmniGlobalEverywhere" when the user has a less-than-global interest is, InMyHumbleOpinion, entirely appropriate for an emergency. If this is the only option in an OperatingSystem, then I suggest that OS is perfectly suitable - for a certain class of persons for whom everything is an emergency (relative to the rest of us, at least). Such people exist; many are affluent, and believe they need a certain class of device to adequately maintain their social connection(s). The current frenzy among manufacturers and developers competing for this unfortunately limited (and allegedly lucrative) market is understandable; it's only human that some related marketing hype might exceed an appropriate scope. Such excesses should be corrected, of course, for the good of the community, but there's no need for rudeness or spite.18 • Preventing unwanted remote logins (by Pascal S on 2014-02-24 18:04:43 GMT from France)
Fail2ban seems to be another option : http://www.fail2ban.org19 • Ubuntu, Gnome, & OpenBSD (by M.Z. on 2014-02-24 19:20:16 GMT from United States)
I'm glad that Canonical did something, but they should try using their whole butts when claiming to care about users. They half way fixed the problem, now why not try adding a check box to the installer that says 'support Ubuntu while seeing offers from our partners' or something to that effect. I know that they have other things on their mind, but it shouldn't be that hard for them to fix.

I sort of think that Gnome has a similar issues, because they seem completely incapable of going back to any of the desktop model that they once used. If they provided some flexibility & saner defaults I think at least some of their old users would come back, of course every fix they do apply doesn't seem to address the real issues & many of the updates seem to make things worse. Keeping all that in mind I would like to reply to the following statement from the linked OpenBSD posting:

I would say that that, like most other command line stuff, was a bit intimidating to many noobs. A few years back before I had done much of anything with the command line I would have that the the above statement was terrible, perhaps not because of what it said, but because of how it was said. If I translate thins into how a noob might read it, I think it would look something like this:

" some jerks think I'm elitist, but see how easy it is -

#@^Q&@^#Q* - Command line gobelty goop that may as well be in Greek - $#^&*$^*!(*&^%# - Haha, I can tell my system to do something that you don't know what it is - @#$%*(^&

Now see how easy that was you dummy!! "

So yes, it does come off elitist, and no, you are not helping. Also, when that is all done with I would be left with Gnome 3, which is a complete pain in the butt and doesn't really help either. The ending with "... oh yeah that was "hard"! " seemed to me to be an especially tone deaf, & yes elitist, slap in the face to people who aren't command line gurus. Of course if this had instead use a phrase like 'now that wasn't so terrible', the post might have actually done something to combat the claims of being elitist, but of course it did the exact opposite. All in all I would say that section of the post was filled an overdoes of tone deaf irony.20 • @15 Ubuntu vs Mint - vw72 (by Czanat on 2014-02-24 19:40:24 GMT from Poland)
What is Mint would be the question, and then ask what is Zorin OS, or Pinguy OS etc.

Mint is just Ubuntu with some added Mint's own applications, some deleted Ubuntu's applications, some different wallpapers, with an empty /etc/apt/sources.list and with a Mintupdate that won't update as any other Ubuntu based distro.

Zorin OS (or Pinguy OS), for example, are also have some Ubuntu's own applications deleted, and with some of their own applications added etc, but would update from Ubuntu's repos.

If one is using a distro that has binaries, which would be updated only through the mother distro's repos, how could a distro say that it is much more safer than the mother distro? Ubuntu is much safer than Mint. Zorin OS or Pinguy OS would be much safer, as they update using the Ubuntu repos.21 • @7 (by :wq on 2014-02-24 20:01:57 GMT from United States)
Mint wouldn't necessarily have to do this on their own, at least for the bulk of packages. There are other stakeholders who could benefit (i.e. the other derivatives which aren't "recognised Ubuntu flavours"), and there are commercial interests as well which already support and/or rely on some of these derivatives. The desire/need for rebuilding from source and hosting is largely contingent on what Canonical is asking of derivatives, which is not entirely clear, though even if this matter is resolved satisfactorily, it might still be worth it if only to avoid similar future headaches (that would have to be measured against the potential headaches incurred by change), and to allow for forming more distinct individual identities as distributions.

I think the manpower is there (particularly if the workload is shared among several Ubuntu derivatives), but it might require shifting some resources from other areas. It's a matter of prioritizing value added.

Hopefully all this static proves to be a nonissue.22 • Preventing unwanted remote logins (by RollMeAway on 2014-02-24 20:25:24 GMT from United States)
Fail2ban is the application you want. It is in most all distros' repos.Just install it. Nothing to edit, unless you want to tweak.Check it out.23 • @20 - saftey (by M.Z. on 2014-02-24 20:40:13 GMT from United States)
@24I don't think you get what's going on with Mint updates vs Ubuntu updates. When I update Mint I get all the Ubuntu updates I want, and can chose how stable the updates are. I've had direct Ubuntu updates make my system unusable before when I set Mint Update Manager to update all packages from 1, the safest, to 5, most likely to mess up your system. These were updates directly from Ubuntu, and Mint did a good thing in making users aware that problems can occur. The Mint team has also been doing more to try and verify the quality of kernel updates and send them out to users to improve their security. I personally run all updates from level 1 to level 4, and I think my system has a perfect balance of security and stability for my needs. Whatever anyone says about the default Ubuntu updates, I've had issues. These problems can seem as bad to inexperienced users as the bugs or security issues the updates are meant to fix, or perhaps even much worse. I think Mint did the right thing by empowering the user, let them decide how to best manage their system. I personally feel that update stability is a bigger problem than whatever level 5 updates might fix, and I respect the defaults used by the Mint team.

@25Agreed, I've though the same thing before myself. It would be hard to imagine all the Ubuntu based projects out there not being able to fork if they came together and cooperated.
24 • @19 (by Curious on 2014-02-24 21:02:12 GMT from United States)
If editing configuration files scares you, why are you using linux?
25 • Config files? (by M.Z. on 2014-02-24 22:28:03 GMT from United States)
@24The fact is there are plenty version of Linux that don't require editing config files, & one can easily make due their first few years without doing so, & some may never feel the need to edit config files. I have used the command line, & I've created a config file that forced KDE to do what I wanted it to do, but that doesn't mean that it is necessary for everyone or that people should have an elitist & anti - noob attitude.
26 • Mint, Ubuntu (by Darren Stewart on 2014-02-24 22:30:13 GMT from United Kingdom)
Suppose Ubuntu push the mint thing to the edge. The downside is everyone knows mint is derivd from Ubuntu, and were mint to make a severe change to say ... debian, Ubuntu would lose a large portion of ubuntu derived userbase.

Ubuntu has worked hard to work its way somewhat to the level of red hat, debian levels. Its now recognised as something akin to a third branch. But it needs the third party derived variants to keep its momntum and base. If the derived variants ar driven off, thats an eroded userbase, and you lose a part of the base you have built.

Losing mint would be epically stupid. Mint remains a shining light in terms of what ubuntu can be made into. Its ben a leading linux for an extended time.27 • @ 25 (by Curious on 2014-02-24 22:40:57 GMT from United States)
You're using a server OS and complaining that you might actually have to learn how to use it in a manner that it was not intended to be used. Good job.

Also, every single version of linux that is not a live distribution requires editing config files to be secure enough for daily use on the internet.
28 • @7: Canonical Has Right to Block Public Access to its Servers (by joncr on 2014-02-24 22:51:21 GMT from United States)
@7:

I have no idea how many people are in the Mint corral. I'd bet, though, that it is more than CentOS, which manages to rebuild RHEL.

In any case, nothing in the licenses that underpin FOSS say you must give away your binaries, and nothing in the licenses says you must host your binaries on servers available to any member of the public. Ubuntu would be perfectly in sync with FOSS requirements if access to its servers was limited to registered Ubuntu users.

Of course, that would irritate a lot of people who think the essence of FOSS is giving everything away for free and depending on magic to replace the resources spent on making all that stuff.29 • @9: Mint Uses Ubuntu Binaries (by joncr on 2014-02-24 23:00:01 GMT from United States)
Mint does not rebuild Ubuntu source. While a small minority of packages in a Mint distro are unique to Mint, the majority are pulled straight from Ubuntu. When a Mint user updates, most of the updates come directly from Ubuntu servers. Check the contents of sources.list.

Per the GPL, et al, Mint has every right to use Ubuntu source. But, it doesn't. It uses Ubuntu binaries.30 • @19 (by aja on 2014-02-24 23:35:28 GMT from France)
These commands are copy/pasted from the OpenBSD GNOME README documentation. I don't see how hard it can be even for people afraid of the command line to just copy/paste things...Check out the Ubuntu HOWTOs, they are doing pretty much the same, printing commands you can copy/paste or at least that help you get started.
31 • Debian, Ubuntu, GPL (by GNUday on 2014-02-24 23:51:47 GMT from Canada)
I wonder just how many of those 40G packages of Ubuntu's were actually 'changed', of course they would have to change them slightly to be compatible with their already slightly proprietary OS.32 • leet crap (by M.Z. on 2014-02-25 00:16:28 GMT from United States)
@27If everything Linux was meant to be a server OS then why in the heack does it dominate the smart phone market in the form of Android? Why on earth would Mint, Ubuntu, Magia, PCLOS etc. push Linux on the desktop? There are some silly people out there who claim that Linux is an instant cure all for security, but I think you are an entirely different kind of silly which is directly opposite. Linux is an open source project that can be used however one wants to use it, and many distros package it as a fairly easy to use alternative to other big name desktop OSs. You seem to be living in some corner server room that is far away from the reality of what websites and user communities like distrowatch represent. Linux seems to me to be a fairly viable alternative to other desktop operating systems, and while it isn't perfect I don't see how anyone can claim with a straight face that it needs any more manual configuration than any other desktop to be fairly secure.

There are lots of good desktop oriented disros around, and there are also lots of good super geek, leet hacker distros around. The two don't seem to mix as nicely as the could due to certain RTFM/ why didn't you know the command line when you were born type attitudes. All I would really like to see from the uber nerds is a little more sympathy for people that are trying out Linux & other Unix clones. Everyone has to start somewhere, & some people may never use any OS to it's fullest potential, but please don't put them down for trying. I've messed a few things up pretty bad along the way, but Linux has been a great learning experience for me & I think more people should try it. If noobs are given a little room and encouragement they may convert & begin to use their new OS better & better as time goes on. I know I have.

Also @32, if desktop versions of Linux were so insecure, why is it that I seem to remember them being the least hacked OSs at the pwn 2 own contest? If you can't answer that one, the rest is just FUD. See here:

http://gizmodo.com/373779/linux-last-man-standing-in-pwn-2-own-thunderdome33 • @15/vw72 (by GNUday on 2014-02-25 00:18:23 GMT from Canada)
Although you made a lot of good legal points, when all the smoke clears, Canonical still can't SELL any of it's software that contains GPL code anyway (i.e. billing Mint, they can always sue Mint to cease and desist and further damage their image), so that leaves the MS style install hash verification. IMHO, Clem made a big mistake dancing with the devil in the first place, corporate always means license choke, no matter how small the detail(s).

And there is still Canonical's 'Windows 8' marketing and build strategy approach to Ubuntu, create a Carpal inducing aesthetically unpleasant snoopy OS across all devices, lol, I wish them luck with that. The revenue from the snoopware (Amazon) is how they are getting around making money from GPL code, thanks for bringing that up btw.
34 • Selling (by Marco on 2014-02-25 00:34:13 GMT from United States)http://www.gnu.org/philosophy/selling.html

As long as they offer source for their GPL S/W, of course they can restrict / sell access to their binaries. RHEL does that, and its clones have to build their own repos.35 • @31 (by :wq on 2014-02-25 01:06:00 GMT from United States)
"~75% of the archive comes from Debian unmodified in Ubuntu" (https://lists.ubuntu.com/archives/ubuntu-devel/2013-February/036557.html)

Good Job Sir. Hopefully you continue to do this in future reviews.37 • Qupzilla (by Fence Post on 2014-02-25 07:09:38 GMT from Australia)
Yet another, corny, geeky, senseless, awkward and embarrassing name for a software package. This will never gain wide acceptance with such a idiotic name - despite it being a good product.38 • #37 (by zykoda on 2014-02-25 07:54:03 GMT from United Kingdom)
Indeed the aardvark of names, but I fail to see the qualities you ascribe to "Qupzilla", but am willing to be enlightened. However, a name to remember, considering its excellence and small footprint.39 • Mint and Ubuntu (by Koroshiya Itchy on 2014-02-25 09:32:27 GMT from Belgium)
Mint should switch to Debian. If they need a few packages they like from Ubuntu, they can always rebuild just those and add them to the Mint repos.

The transition can be quite of a pain, but it is the best strategy on the medium/long term. Debian will never bother Mint as Canonical does and, besides, if Mint tries to stay 100% compatible with Debian, this will also benefit the entire Linux landscape as a whole.

Of course, this would be a pretty serious blow for Ubuntu itself...40 • Qupzilla? (by Mark E on 2014-02-25 16:28:59 GMT from United Kingdom)
I'm trying to figure out what Qupzilla actually might mean. I understand the -zilla part, but what is 'qup'?Not many people must be wondering about that, because it's not on the FAQ page of the project's website.

I'm sure these names must mean something to the people that develop them, but it's not always clear to the end user.41 • Qupzilla (by Dave Postles on 2014-02-25 18:46:15 GMT from United Kingdom)
Presumably part of it because built with Qt?42 • @33, Yes they can. (by Garon on 2014-02-25 19:46:43 GMT from United States)
"Canonical still can't SELL any of it's software that contains GPL code anyway"As long as they offer access to source code, yes they can sell their binaries. Unless you disagree with the GPL, what beef do you have?

@39,LinuxMint already tried that and it was more of a blow to LM than anyone else. LMDE

And I guess what everyone is saying is that in order for anyone to make money from code, it all has to be proprietary. If you don't agree with the GPL then go another route or try to have it changed. As far as Amazon goes, that is business and if a person doesn't know how to turn it off (so far I haven't met anyone who didn't know) then so sad for them or if you don't use Ubuntu then it's not really any of your business. People are alway saying that Canonical is tricking people into using these services. Very strange that the only ones complaining are not the ones who are supposedly being tricked but the ones "who say" they don't use the distro. Very strange indeed.43 • @42, did your read post 35? (by GNUday on 2014-02-25 20:41:01 GMT from Canada)
Have a look at those links (thanks for the links :wq), you will see a great number of the packages in the UBUNTU repositories are UNMODIFIED from their Debian states, so that means Ubuntu the pot is calling Mint the kettle black. You can nit-pick the legalities until the cows come home, when the smoke clears, Canonical is still acting like a huge bully corporation that wants return for their investment, the only problem with that is, they 'borrowed' material that was done IN THE PUBLIC INTEREST and now they want to 'own' it. If they have a beef with Mint about Mint's default repo sources, that's fine but they are setting a bad example and precedent, speaking of picking on Mint, are they going to send a lawyer to the door of EVERY distro that uses their binaries or lists their repos in their defaults? They are SELECTIVELY picking on Mint because they are so popular now and far exceed the appeal of aesthetically ugly and functionally clumsy Ubuntu snoopware. If this is supposedly only about the load on Ubuntu servers, would Canonical still throw a hissy fit if Mint used primary Ubuntu MIRRORS in the their default repos instead?44 • LMDE @42 (by Koroshiya Itchy on 2014-02-25 20:47:55 GMT from Belgium)
No, they didn't. LMDE was a one-man show (and yet I was quite popular). It is not like putting all of (or most of) Mint resources on that one basket.

In addition, LMDE was a rolling release based upon Debian testing. That was great, but at the same time it is a risky thing.45 • LMDE (by Peter Besenbruch on 2014-02-25 21:25:54 GMT from Austria)
I have tried Linux Mint Debian Edition a few times, but have always found it unfinished, a bit buggy, and slow. It's hard keeping in sync with a semi-rolling release like Debian's testing. There's a risk to the user simply using straight Testing, but adding the Mint extras to it is simply asking for trouble.

A Mint release based on Debian's stable branch would be a better option. Yes, the software would be a bit old, but you get the stability of not having to worry about breakage. Indeed, Ubuntu frequently has problems due to its six month release cycle. Mint additions on top of that will not fix what is broken in Ubuntu. Even the Ubuntu long term releases can be buggy initially, only becoming stable when they sync up with the next Debian Stable release.

How would Mint address the issue of old software? By using Debian's solutions of a backports repository (I use it to update the kernel, if needed, as well as LibreOffice), an Iceweasel (Firefox) release repository, and a widely used multimedia backports repository (deb-multimedia). Mint could start by tapping directly into those. If they got ambitious, they could add other packages to their own repository. If they did this, LMDE could be a much better product.46 • @#14, 29 (by Shawn on 2014-02-25 22:56:53 GMT from United States)
Ubuntu has indeed changed, quite significantly in fact. I've been a Ubuntu user since it's inception and was part of a forum dedicated to helping new Linux users find their way in Linux (SlackAddict, OpenAddict) and back then Ubuntu was all about the community when it came to which direction their distro was going to go. Remember the ShipIt CD's? That was something special. Fast forward to today and it's not the same. I understand the concept of evolution and change and things of that nature, but Ubuntu has since gone corporate and I'm not holding that against them. If they can make a business out of open source software more power to them! I'll do the same.. I'm no expert, but I can manage to create things that do not yet exist that someone, somewhere might buy :)

As for binaries vs. source, if you're going to add trademarked logos to the codebase, then how can it truly be open source? I understand the Red Hat/CentOS relationship and how both distro's are related closely to one another, but this isn't the same relationship Mint and Ubuntu SHOULD be having right now. Back in the day when people were saying that Linux is becoming too segmented I didn't see their point of view too clearly. Now I do. In order to create the binaries, you have to compile from that source, correct?

I've read through the legalities, but I just find it frustrating people are trying to monopolize code that was freely written and distributed in the "spirit" of the GPL and now we're talking lawyers and corporations and things of that sort. This is what I meant by missing the OLD Ubuntu. Back then, it truly was a community effort that I was happy to contribute to. Didn't take much to use remastersys, add some backgrounds and logos and call it a distro. That's where we're at now it feels like.47 • Mint and Debian (by fernbap on 2014-02-25 23:49:25 GMT from Portugal)
Shuttleworth had the right idea by creating the policy of 2 releases per year. "Release often" is a great marketing tool.Sure, Mint could concentrate its resources on a debian based Mint, but then the release often policy would be impossible to mantain. With Ubuntu, Mint has a supported snapshot of debian every 6 months, and so is able to release every 6 months.Moving to Debian would be tricky: which Debian? Stable? there goes the 6 month release policy to the drain.Testing? Well, they tried with LMDE, and LMDE could improve greatly if Mint devoted its resources into mantaining it, following a cicle of updates according to the "semi-rolling" principle. But then, that is exactly what Ubuntu does! it presents every 6 months a tried and proven (or not so much) snapshot of Debian.Mint is at a crossroad, no doubt about it, but following Ubuntu releases is just too convenient to be abandoned.48 • @43 (by :wq on 2014-02-26 00:13:16 GMT from United States)
I would be careful about comparing Ubuntu's relationship to the Debian Project with Linux Mint's relationship to Ubuntu, as one isn't precisely analogous to the other (see comment #29 by joncr).

"Most source packages in all Ubuntu components (about 4 in 5 at the time of this writing) are copied unmodified from Debian, but other sources include apt-get.org, directly from organisations such as Blackdown and WineHQ, software which has been packaged by Ubuntu developers, and packages created specifically for Ubuntu.

In some cases, the same upstream software is packaged separately in Ubuntu and in Debian, though this is to be avoided unless there is a justifiable reason to do so.

Where packages in Debian and Ubuntu have a common heritage, the packages use version numbers which reflect this." (https://wiki.ubuntu.com/Ubuntu/ForDebianDevelopers#Packages)----As regards this licensing dispute, different narratives are emerging from different camps, and even within the same camps (and some 'clarifications' have been largely vacuous) as to whether this about trademark, binaries (as copyrightable), (access to) repositories, a derivative eating its parent's lunch (okay, I added that one), or some nebulous combination of these.

Also, I left out the "Restricted" repo in #35 because the pie chart's formatting is bad, and "Repackaged" is superimposed on "Unmodified" (only "fied" is visible) such that it could be mistaken at a cursory glance, and I felt like the other info taken together pretty much told the story, but for the curious:https://merges.ubuntu.com/restricted-now.png ("Repackaged" would be the hardly visible green sliver to one side of the (dark) blue "Unmodified" slice)https://merges.ubuntu.com/restricted.html49 • @48, I hear what you are saying but... (by GNUday on 2014-02-26 01:55:27 GMT from Canada)
If Mint were just some fledgling, obscure distro, Canonical wouldn't be banging on Mint's door, I too tried Ubuntu many moons ago, didn't much care for it and then found Mint and had a 'wow' moment, "this is great", I thought to myself, but because of the corporate ties of the Mint base (Canonical), I made a moral decision to stop using it (I now run Debian stable Xfce), same moral decision I made about Windows, my bought an paid for legal Windows. Ubuntu is a derivative of Debian, Mint is a derivative of Ubuntu, and so the food chain goes.

Mint should use mirrors in their default repo lists in the interim and start building their own package base, Ubuntu can't stop Mint from using 'modified' packages, if I'm not mistaken, the GPL says you can "modify" code but you have to share it, but you can make money 'supporting' your modifications and even the base source code.

If I may put my tinfoil hat on for a moment, lol, and make a prediction, I am betting Ubuntu may try to strong-arm Mint in to including Ubuntu's 'desktop search' in Mint's flagship distro in exchange for continual milking of the Ubuntu 'cow'. If I'm right, Mint's user base will drop off too.

I think I'll back away from this topic now because I no longer use Mint or Ubuntu, I don't have to worry about any local searches that get transmitted from my machine or licensing issues (very reminiscent of my Windows days). Now where did I put my credit card so I can make a donation to still 'free' as in 'freedom' Debian, lol.50 • @49 (by :wq on 2014-02-26 02:46:08 GMT from United States)
"If Mint were just some fledgling, obscure distro, Canonical wouldn't be banging on Mint's door..."

I do not disagree with the essence of your assessment. I haven't heard of any other derivatives being contacted since Canonical's trademark policy was updated 2013-05-14. There are plenty of other Ubuntu derivatives that would be in the same boat as Mint with regard to Canonical's "IPRights Policy" and related issues, and I doubt many, if any, have sought Canonical's permission or have paid Canonical a cent. It's possible some have been contacted, but it seems like someone would have spoken up by now if that were the case. I think the core truth of the matter came to light in Jesse's Q&A with Clement (DWW, Issue #537), when Clement said, "The licensing aims at restricting what Mint can and cannot do, mostly in relation to the OEM market, to prevent Mint from competing with Canonical in front of the same commercial partners."51 • LMDE: @45 @47 (by Koroshiya Itchy on 2014-02-26 07:43:09 GMT from Belgium)
In my humble opinion, there is no need to have 2 releases per year. No matter how good that might be from the marketing point of view, it requires far too much effort and it is, from a practical point of view, absolutely pointless. In fact, that is one of the main reasons behind Ubuntu's deficient quality control.

Yes, it may make certain hobbyist excited about the new releases, but without adequate quality control an OS cannot be taken seriously in professional and corporate environments.

One release per year would be more than enough.

Another department where one could reduce some superfluous work is that of Desktop Environments. OK, trying every DE on earth can be a way like any other of spending their day for hobbyist with plenty of free time. I personally would put all my eggs in two baskets: one for the desktop and one for the touchscreen devices. Both should be lean but full-featured. For the desktop I would go with Mate.

As for the base system, Debian Stable plus backports plus extra repos would be a sane and easy-to-maintain option. Most users do not need at all the latest versions of software. Again, that is a thing for hobbyist.

Another option would be freezing Testing or even Sid the same way as Ubuntu does. The problem is that that strategy requires plenty of resources. But maybe, there is a middle way, using Testing or Sid but restricting updates in a Mint-controlled way. This should allow using directly the Debian repos for most packages.52 • stable (by greg on 2014-02-26 14:38:01 GMT from Slovenia)
one of the issue with debian stable is hardware support. while porgrams are easilly solved the issue is hardware compatibility. even ubuntu with it's release cycle has occasionally troubles keeping up it seems.53 • Mint and Ubuntu (by fernbap on 2014-02-26 20:53:42 GMT from Portugal)
@51:"In my humble opinion, there is no need to have 2 releases per year"Sure, i agree. The need has to do with marketing, which reflects on popularity."As for the base system, Debian Stable plus backports plus extra repos would be a sane and easy-to-maintain option."Which is exactly what a few "small" distros are doing. Perhaps the best example would be Point Linux, which is mantained by a single person, or Crunchbang. However, Mint is sailing in other seas.@53:"Right now, Mint has some following, because it is based on Ubuntu, and when it moves to Debian, Mint would simply die away"The facts show precisely the opposite. Crunchbang used to be Ubuntu based, and the move to Debian only increased on its popularity (and quality, i might add)."Who is going to do all the work Debian is not doing, (but Ubuntu is doing) by Mint?!"Depends on the work. Most of the work Ubuntu does has to do with the stuff that is relating only to ubuntu, and not Mint.Example: Mint had to fork Nautilus from Gnome 3, which means that the fork is from the Gnome project, not Ubuntu. Mint is also a major contributor to Mate development, which has nothing to do with Ubuntu as well. The reemergence of Mate DE (which is logical, since Gnome 3 moved completely away from the users preferences) is due in an important way to Mint development.Therefore, I find funny how some people continue to insist in stating that Mint contributes nothing, and just leaches from Ubuntu and Debian.Personally, i would approve a move to Debian, for the same reasons why Crunchbang did it. Pure Debian based distros usually are lacking in some areas that are exactly where Mint shines, due to its own development work, never forget that. Debian would benefit from it as well."In other words, without the real work by the Ubuntu devs, Mint wouldn't have happened"That might have been true during the Gnome 2 area, when Ubuntu contributed a lot to the Gnome desktop, but isn't true anymore. Most of Ubuntu development is focused in Ubuntu exclusive products, like Unity. So, Ubuntu no longer as important to Mint as it used to be.54 • LMDE@45 (by maurice heneghan on 2014-02-26 21:13:04 GMT from United Kingdom)
LMDE used to be a very good distro. You will find that Solydk which is based on LMDE is a very good alternative.55 • @ 53 • Mint and Ubuntu - fernbap (by Czanat on 2014-02-27 08:05:36 GMT from Poland)
>@53: "Right now, Mint has some following, because it is based on Ubuntu, and when it moves to Debian, Mint would simply die away"The facts show precisely the opposite. Crunchbang used to be Ubuntu based, and the move to Debian only increased on its popularity (and quality, i might add).<

Its quite interesting know, who you are addressing your comment.

By the way, I checked the LMDE website yesterday, and it is asking us not to download LMDE 201303, until the next LMDE 201403 would be released. The reason given is "To avoid tedious updates and unnecessary problems." LMDE is supposed to be a semi-rolling distribution based on Debian Testing, though.

Anyway, I still consider that Mint would die away, at least its popularity would, if it moves completely to Debian base. Crunchbang is quite another type of distro, which still uses older Linux kernel.

Crunchbang is; "With the exception of a few packages, CrunchBang is built entirely from packages available from the Debian repositories."56 • Mint and Debian (by Koroshiya Itchy on 2014-02-27 09:57:29 GMT from Belgium)
The second main problem I see for Mint moving to a Debian base is that quite a lot of people make intensive use of Ubuntu's PPAs.

The only other significant problem is, as I mentioned before, choosing the right balance between stability and up-to-dateness with the available resources.

But, maybe, Mint could obtain additional resources by teaming up or even merging with other projects with the same goal (making Debian easier to use for novices).

As it has been pointed out by others, there are excellent distros out there sharing the similar goals:

..................................................... "One size fits all" never does.58 • @ 56 • Mint and Debian - Koroshiya Itchy (by Czanat on 2014-02-27 17:19:50 GMT from Poland)
> The second main problem I see for Mint moving to a Debian base is that quite a lot of people make intensive use of Ubuntu's PPAs. <

True. Some of the PPAs can be installed in Debain based distros, for example Slingshot launcher.

> The only other significant problem is, as I mentioned before, choosing the right balance between stability and up-to-dateness with the available resources.<

If Mint user doesn't get updates and upgrades from Ubuntu repos, Then Mint would be always few steps behind the Ubuntu user.

> But, maybe, Mint could obtain additional resources by teaming up or even merging with other projects with the same goal (making Debian easier to use for novices). <

This is exactly why Mint would never become only Debian, this not that easy for novice matter of Debian.

There was a big excitement, when Mint released LMDE, but Mint couldn't hold on to that line, and the main developer left Mint. I await the release of LMDE 201403 and hope it'd be much better and thought of than the last release.

The alleged Mint popularity only proves how good its base is, which right now is Ubuntu, and if the Debian base is that good, may Mint go that way.59 • Making money or what. (by Garon on 2014-02-27 20:02:13 GMT from United States)
I often wonder what the goal of a lot of these distro projects amount to. I know what the goals of say Red Hat or Canonical are but what about the others? Hell I even know what the goals of distro projects like gNewsense are. I know that some are just for fun but others are a mystery. It really is a comedy to watch sometimes, and to listen to the way people say a business model should work to be successful. Most don't have a clue.lol. Some say if you are successful then you are EVIL. I say that people worry too much about something that doesn't concern them. I use to but it was giving me worry lines and keeping me up at night. Now I sleep good and I don't worry about what my neighbor is doing with his computer or what he has running it. Let's all try to get along. We'll be better off if we do.60 • @58 (by Koroshiya Itchy on 2014-02-28 07:10:12 GMT from Belgium)
Ubuntu's base is Debian. So switching to Debian just implies removing the middle man.

Ubuntu is easy Debian and Mint is easier Ubuntu. There is no reason whatsoever why a Debian-based Mint should not be easier than Ubuntu.61 • Austrumi FTP server username/password (by ILoveLinux on 2014-02-28 12:17:39 GMT from Germany)
I tried to download the latest Austrumi ISO, but the ftp link provided asks for a username/password. Couldn't find anything about it on the Austrumi homepage. Did I overlook sth obvious?62 • @59 Re: Making money (by GNUday on 2014-02-28 17:33:16 GMT from Canada)
That's all good but why didn't Canonical take a vanilla kernel and write their own OS? Kind of like me borrowing your car to be a free-lance delivery guy, topping up the gas tank and quietly putting it back in your driveway every night. Canonical wants their cake and eat it too, besides being all over the development map, I'm not going to waste my time with Mint when their base OS keeps changing development directions as frequently as one changes their underwear. Spyware (Ubuntu's information transmitting desktop search on by default) and license sabre rattling are why I left Windows, why would I want that in what is supposed to be a 'free' as in 'freedom' OS, regardless of it being the 'mother-ship' distro or derivative (derivatives are affected by the corporate mother-ship OS). You're right, if you're OK with all that, than by all means, enjoy, myself, I'll stick with pure, stable GNU.

Actually, I'm no saint either, because in Debian, I install non-free codecs, firmware, etc, after the OS is on the drive, but at least the option is there and I have the CHOICE whether to do so or not. Choice and freedom, the two main ingredients.63 • LMDE, Ubuntu, SolydK (by Cork on 2014-02-28 20:13:09 GMT from United States)
I have no major issue with Canonical; I tried Ubuntu, didn't like Unity, so I choose to use something else. I tried Mint and enjoyed it, but it was too slow on my machine and Cinnamon was too buggy. LMDE was interesting but did not have an official KDE version - when SolydK started up I began running it as one of my preferred operating systems and have found it stable and easy to use. My guess is that having the Debian base rather than the Ubuntu base enables it to run decently fast on my brain-damaged Atom processor despite having a full-featured desktop environment. It is easy enough to use that it is one of the two operating systems I recommend for people switching from Windows, the other being Mageia. I suppose the point I'm making is that it is indeed possible to create a user-friendly, stable OS based directly on Debian and bypass Ubuntu; one need only look at SolydK or SolydX to see the path.64 • LMDE SolydXK security? (by Leonhard Euler on 2014-02-28 21:03:25 GMT from Austria)
I like the concept of the LMDE, but I am a little bit worried about security. Basically they freeze Debian testing for a couple of month together with all (known) security holes. Maybe I am a bit paranoid, but I am more comfortable with a distro that offers continuous security updates.

That seems to work (and goes on working : else, wget can use --no-check-certificate option)

Six monts releases seem a great improvement Ubu linux offered to the world (ther would not been bugs, and hardware evolutions would be followed). Since PCs are less and less sold, hardware evolutions seem less important and Fedora/Mageia evolved from a short sight fashin to a reasonable release lag (and most people are not interested at all with what is new : there was a serious demand to add 5 other years to XP life and Microsoft was wise enough to make the difference between 14 years serious needs and childish 6 month whims ...)66 • Austrumi (by ILoveLinux on 2014-03-01 18:24:50 GMT from Germany)
@65 Thanks for the tip to use wget.I've already tried several other download managers (FatRat, MultiGet, KGet), and it's funny: the Austrumi ftp server presently does no longer ask for the login credentials immediately at the start of the download, but sometime during the download, preventing me from finishing it.

Perhaps Austrumi configured the server to only allow a certain amount of users concurrently connected to prevent it from being overloaded, but shouldn't it just prevent NEW users from accessing the server, while allowing already connected users to finish their downloads?67 • Graphics problems on new dual-graphics laptops with all Linux distributions (by Charles on 2014-03-01 19:01:50 GMT from United States)
Recently, I've noticed that quite a few people have purchased laptops with dual graphics, Intel 4400 and AMD Radeon HD 8670, for example. They have a variety of severe problems getting Windows 8.1/Linux distributions to work properly on them after smooth Linux installations. In my case, my Dell 17 3737 shows inverted colors (red is green, green is purple, blue is indigo, white is white, black is black) and very grainy, pixellated graphics with all the 64-bit distros I've tried, including Linux Mint Mate 13 and 16; Ubuntu 12.04, 12.04.4, 13.10 and 14.04 gnome beta 1; Korkora 20; and OpenSUSE 13.1 GNOME. There are various "fixes" reported on Linux blogs, involving complicated and only partially explained procedures, which work for some users but not for others. It seems like an AMD graphics driver problem, but no one can say for sure. For us non-experts, the easiest fix would be a distro that had the graphics fix built-in, or a fix could be loaded in some other easy way.

My questions are these:1) Is this problem as widely spread and widely known as it appears to me to be?2) Do you know if any of the distro-wizards are working on incorporating a fix in an upcoming release? If so, which release should we be keeping an eye on?

Many thanks68 • Dualgraphic problem (by tuxtest on 2014-03-02 00:20:14 GMT from Canada)
I have a lenovo laptop with dual-graphic card intel and ati. I have no problem under OpenMandriva or PCLinuxOS and OpenSuse 13.1 Gnome.But I had some problems with other Distro which Korora. You have an option in the bios you can disable dual-graphic card. Which is not really useful to me in a standard use of Linux.Recap1.Suggestion: go in bios and desable function dual card and restart your PC for installation.2. Download PCLinuxOS or OpenMandriva and try again in dual-graphic card

good luck69 • @67 : dual graphics (by tony on 2014-03-02 06:26:15 GMT from Thailand)
I have a Lenovo G470 Laptop with dual graphics.I have zero problems with PCLinuxOS or any other Mandriva/Mageia related distro, I have not tried another distro.70 • @60, yes, there are many of them... (by OnlyFOSS on 2014-03-02 22:05:54 GMT from Mexico)
"Ubuntu is easy Debian and Mint is easier Ubuntu. There is no reason whatsoever why a Debian-based Mint should not be easier than Ubuntu."

Man power, resources, time, etc.

Make Debian more user friendly (Ubuntu work), it's a GIANT work, much more than become Ubuntu more user friendly (Mint work).Ikey Doherty (Main ex-LMDE developer, Solus Os funder) tried 2 times, first with Mint and last with Solus, both failed.The reasons are as I quoted above.Mint to have the success it currently enjoys with the Ubuntu base, using the Debian base, need a team and support similar to that Ubuntu had its inception in 2003-2004.71 • Debian 'difficulty' (by GNUday on 2014-03-03 03:37:09 GMT from Canada)
Why do people talk about Debian like it's some cryptic and extremely hard OS to install and use? It's not anymore difficult than a Windows install/setup, actually easier IMHO. Just because Debian doesn't hold your hand and it's still a bit old school locked down (which is a good thing), doesn't make it a scary cryptic ordeal. Back when I used some Ubuntu based distros, I did my share of searching for this fix, that config. Ubuntu, Mint, etc, are easy because they've left the GNU/GPL philosophy in the dust and created hand holding 'training wheels'. Well I kicked my training wheels off and I'm very glad an OS like Debian is around, not only is it a pleasure to install and use, I got it to run on my exotic setup, unlike a lot of other so-called popular 'beginner friendly' distros. There's a reason why Debian has the most derivatives of all the old base distros, it's good, hands down (that includes any Ubuntu derivatives, since Debian is Ubuntu's base). If you don't like the default Debian Gnome 3.x desktop, there are other choices, I dumped bloated KDE and am an Xfce convert, loving every minute of it.

HOT! Beyond Linux From Scratch is a book that provides a broad range of instructions for installing and configuring various software packages on top of a base Linux system.Download FREE 1,200-page book